actionview 6.1.7.2 → 6.1.7.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/assets/compiled/rails-ujs.js +36 -5
- metadata +12 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f6ed9e24a774e9e4f1c79332ce2f6c80cd40823a0bcc15f160ca415ea365a1b1
|
4
|
+
data.tar.gz: 434ec5472bbaddb2973415fc662b3e46e471b3210c5426d5b09b4ab625245c9f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: efe68a6b0c038a00d866006ba010cad70b41ccf6f38c32ef0773713f5951e671a6ec16d908063519c851513523f60b0d10e23b2443f5184d93f7f539cde81688
|
7
|
+
data.tar.gz: 138bb777d4d79eb8a4ebd1aac456ebf1c85db5e7d59f53080dd8d339dd589f038255ed2b0c5e3439a763ceaca7c63049b10a8699fe02077c61f016e27dd31e66
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,30 @@
|
|
1
|
+
## Rails 6.1.7.7 (February 21, 2024) ##
|
2
|
+
|
3
|
+
* No changes.
|
4
|
+
|
5
|
+
|
6
|
+
## Rails 6.1.7.6 (August 22, 2023) ##
|
7
|
+
|
8
|
+
* No changes.
|
9
|
+
|
10
|
+
|
11
|
+
## Rails 6.1.7.5 (August 22, 2023) ##
|
12
|
+
|
13
|
+
* No changes.
|
14
|
+
|
15
|
+
|
16
|
+
## Rails 6.1.7.4 (June 26, 2023) ##
|
17
|
+
|
18
|
+
* No changes.
|
19
|
+
|
20
|
+
|
21
|
+
## Rails 6.1.7.3 (March 13, 2023) ##
|
22
|
+
|
23
|
+
* Ignore certain data-* attributes in rails-ujs when element is contenteditable
|
24
|
+
|
25
|
+
[CVE-2023-23913]
|
26
|
+
|
27
|
+
|
1
28
|
## Rails 6.1.7.2 (January 24, 2023) ##
|
2
29
|
|
3
30
|
* No changes.
|
@@ -73,6 +73,22 @@ Released under the MIT license
|
|
73
73
|
return element[expando][key] = value;
|
74
74
|
};
|
75
75
|
|
76
|
+
Rails.isContentEditable = function(element) {
|
77
|
+
var isEditable;
|
78
|
+
isEditable = false;
|
79
|
+
while (true) {
|
80
|
+
if (element.isContentEditable) {
|
81
|
+
isEditable = true;
|
82
|
+
break;
|
83
|
+
}
|
84
|
+
element = element.parentElement;
|
85
|
+
if (!element) {
|
86
|
+
break;
|
87
|
+
}
|
88
|
+
}
|
89
|
+
return isEditable;
|
90
|
+
};
|
91
|
+
|
76
92
|
Rails.$ = function(selector) {
|
77
93
|
return Array.prototype.slice.call(document.querySelectorAll(selector));
|
78
94
|
};
|
@@ -395,9 +411,9 @@ Released under the MIT license
|
|
395
411
|
|
396
412
|
}).call(this);
|
397
413
|
(function() {
|
398
|
-
var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isXhrRedirect, matches, setData, stopEverything;
|
414
|
+
var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isContentEditable, isXhrRedirect, matches, setData, stopEverything;
|
399
415
|
|
400
|
-
matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements;
|
416
|
+
matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements, isContentEditable = Rails.isContentEditable;
|
401
417
|
|
402
418
|
Rails.handleDisabledElement = function(e) {
|
403
419
|
var element;
|
@@ -417,6 +433,9 @@ Released under the MIT license
|
|
417
433
|
} else {
|
418
434
|
element = e;
|
419
435
|
}
|
436
|
+
if (isContentEditable(element)) {
|
437
|
+
return;
|
438
|
+
}
|
420
439
|
if (matches(element, Rails.linkDisableSelector)) {
|
421
440
|
return enableLinkElement(element);
|
422
441
|
} else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formEnableSelector)) {
|
@@ -429,6 +448,9 @@ Released under the MIT license
|
|
429
448
|
Rails.disableElement = function(e) {
|
430
449
|
var element;
|
431
450
|
element = e instanceof Event ? e.target : e;
|
451
|
+
if (isContentEditable(element)) {
|
452
|
+
return;
|
453
|
+
}
|
432
454
|
if (matches(element, Rails.linkDisableSelector)) {
|
433
455
|
return disableLinkElement(element);
|
434
456
|
} else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formDisableSelector)) {
|
@@ -513,10 +535,12 @@ Released under the MIT license
|
|
513
535
|
|
514
536
|
}).call(this);
|
515
537
|
(function() {
|
516
|
-
var stopEverything;
|
538
|
+
var isContentEditable, stopEverything;
|
517
539
|
|
518
540
|
stopEverything = Rails.stopEverything;
|
519
541
|
|
542
|
+
isContentEditable = Rails.isContentEditable;
|
543
|
+
|
520
544
|
Rails.handleMethod = function(e) {
|
521
545
|
var csrfParam, csrfToken, form, formContent, href, link, method;
|
522
546
|
link = this;
|
@@ -524,6 +548,9 @@ Released under the MIT license
|
|
524
548
|
if (!method) {
|
525
549
|
return;
|
526
550
|
}
|
551
|
+
if (isContentEditable(this)) {
|
552
|
+
return;
|
553
|
+
}
|
527
554
|
href = Rails.href(link);
|
528
555
|
csrfToken = Rails.csrfToken();
|
529
556
|
csrfParam = Rails.csrfParam();
|
@@ -545,10 +572,10 @@ Released under the MIT license
|
|
545
572
|
|
546
573
|
}).call(this);
|
547
574
|
(function() {
|
548
|
-
var ajax, fire, getData, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything,
|
575
|
+
var ajax, fire, getData, isContentEditable, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything,
|
549
576
|
slice = [].slice;
|
550
577
|
|
551
|
-
matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement;
|
578
|
+
matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement, isContentEditable = Rails.isContentEditable;
|
552
579
|
|
553
580
|
isRemote = function(element) {
|
554
581
|
var value;
|
@@ -566,6 +593,10 @@ Released under the MIT license
|
|
566
593
|
fire(element, 'ajax:stopped');
|
567
594
|
return false;
|
568
595
|
}
|
596
|
+
if (isContentEditable(element)) {
|
597
|
+
fire(element, 'ajax:stopped');
|
598
|
+
return false;
|
599
|
+
}
|
569
600
|
withCredentials = element.getAttribute('data-with-credentials');
|
570
601
|
dataType = element.getAttribute('data-type') || 'script';
|
571
602
|
if (matches(element, Rails.formSubmitSelector)) {
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionview
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.1.7.
|
4
|
+
version: 6.1.7.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-02-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 6.1.7.
|
19
|
+
version: 6.1.7.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 6.1.7.
|
26
|
+
version: 6.1.7.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: builder
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -92,28 +92,28 @@ dependencies:
|
|
92
92
|
requirements:
|
93
93
|
- - '='
|
94
94
|
- !ruby/object:Gem::Version
|
95
|
-
version: 6.1.7.
|
95
|
+
version: 6.1.7.7
|
96
96
|
type: :development
|
97
97
|
prerelease: false
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
99
99
|
requirements:
|
100
100
|
- - '='
|
101
101
|
- !ruby/object:Gem::Version
|
102
|
-
version: 6.1.7.
|
102
|
+
version: 6.1.7.7
|
103
103
|
- !ruby/object:Gem::Dependency
|
104
104
|
name: activemodel
|
105
105
|
requirement: !ruby/object:Gem::Requirement
|
106
106
|
requirements:
|
107
107
|
- - '='
|
108
108
|
- !ruby/object:Gem::Version
|
109
|
-
version: 6.1.7.
|
109
|
+
version: 6.1.7.7
|
110
110
|
type: :development
|
111
111
|
prerelease: false
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
113
113
|
requirements:
|
114
114
|
- - '='
|
115
115
|
- !ruby/object:Gem::Version
|
116
|
-
version: 6.1.7.
|
116
|
+
version: 6.1.7.7
|
117
117
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
118
118
|
email: david@loudthinking.com
|
119
119
|
executables: []
|
@@ -239,10 +239,10 @@ licenses:
|
|
239
239
|
- MIT
|
240
240
|
metadata:
|
241
241
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
242
|
-
changelog_uri: https://github.com/rails/rails/blob/v6.1.7.
|
243
|
-
documentation_uri: https://api.rubyonrails.org/v6.1.7.
|
242
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.1.7.7/actionview/CHANGELOG.md
|
243
|
+
documentation_uri: https://api.rubyonrails.org/v6.1.7.7/
|
244
244
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
245
|
-
source_code_uri: https://github.com/rails/rails/tree/v6.1.7.
|
245
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.1.7.7/actionview
|
246
246
|
rubygems_mfa_required: 'true'
|
247
247
|
post_install_message:
|
248
248
|
rdoc_options: []
|
@@ -260,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
260
260
|
version: '0'
|
261
261
|
requirements:
|
262
262
|
- none
|
263
|
-
rubygems_version: 3.
|
263
|
+
rubygems_version: 3.2.22
|
264
264
|
signing_key:
|
265
265
|
specification_version: 4
|
266
266
|
summary: Rendering framework putting the V in MVC (part of Rails).
|